CVE-2023-37755

Summary

CVE	CVE-2023-37755
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-09-14 20:15:00 UTC
Updated	2023-11-07 04:17:00 UTC
Description	i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS).

Risk And Classification

Problem Types: CWE-798

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	I-doit	I-doit	All	All	All	All
Application	I-doit	I-doit	All	All	All	All

References

Reference	Source	Link	Tags
i-doit v25 and below incorrect access control issue, CVE-2023–37755 - Ray - Medium	MISC	medium.com
i-doit v25 and below incorrect access control issue, CVE-2023–37755 - Ray - Medium	MISC	medium.com
i-doit v25 and below incorrect access control issue, CVE-2023–37755 - Ray - Medium		medium.com
i-doit v25 and below incorrect access control issue, CVE-2023–37755 - Ray - Medium		medium.com
CVE-2023-37755 - Hardcoded Admin Credential in i-doit Pro 25 and below	MISC	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.